Report #317

(1)

Binary

DLL False

Size 2.20MB

trid 33.9% Generic CIL Executable

19.9% InstallShield setup

19.2% Win32 EXE PECompact compressed 12.8% Win64 Executable

6.0% Windows screen saver

type PE

wordsize 32

Subsystem Windows GUI

Hashes

md5 863148dc54f7fcc45d5a7f2cff742548

sha1 4737b7629d0945329e988e7c8a8ebe7ff4601f0e

crc32 0x2255245c

sha224 b78c7520295da496240c34e19d792142f97ec6a5ae1a7674d951f238

sha256 3ffdab4f4c327700e4f3ef1533556d2e56e8c09e5f24726a3ad25d1b3052642 0

sha384 862591388f250f645547e856152276cceca8cb27fcaa2b2a8a2d0b2effb44c4 d44fcc99bc461d709d31a1d22439c729d

sha512 229d1dac335307bb7e21a5761eecc8045571a423ae0b3a5bfdd2b882a361f 47aac52300ffe0313c7513a0d721cdb2f03dd1390e6bf0e04473a392fd71a9 5b355

ssdeep 49152:CA6Fgxr/nIiYWMf9dQnPoY20k0XgBq/bPEUpPhOZy+hz7FFUj9SD+swI OTKqujAV:CA6d5jKNOj+7

Report #317

Creation Date: Oct. 12, 2019, 1:47 a.m.

Last Update: Oct. 12, 2019, 1:52 a.m.

File:

049 Results:

(2)

Community

Google False

HashLib False

YARA

Matches IP, win_private_profile, Dropper_Strings, Intel_Virtualization_Wizard_exe, BA SE64_table, escalate_priv, NanoCore, DebuggerException__SetConsoleCtrl, Microsoft_Visual_C_v70_Basic_NET, screenshot, spreading_share, create_ser vice, Microsoft_Visual_Studio_NET, network_dns, cred_local, NET_executable _, network_http, win_files_operation, IsPE32, Nanocore_RAT_Gen_2, Microso ft_Visual_C_v70_Basic_NET_additional, win_hook, disable_dep, antisb_threat Expert, NET_executable, contentis_base64, network_tcp_socket, SEH__vect ored, Microsoft_Visual_Studio_NET_additional, win_token, win_mutex, keylo gger, NETexecutableMicrosoft, DebuggerCheck__GlobalFlags, Misc_Suspicio us_Strings, migrate_apc, IsWindowsGUI, Check_Dlls, DebuggerHiding__Thre ad, network_udp_sock, anti_dbg, network_tcp_listen, DebuggerCheck__Que ryInfo, url, android_meterpreter, IsNET_EXE, Microsoft_Visual_C_Basic_NET, win_registry, Typical_Malware_String_Transforms, HasOverlay, network_dga, Advapi_Hash_API, Big_Numbers5, System_Tools, create_com_service, power shell, Big_Numbers0

Suspicious True

Strings

List

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.3 /">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

(3)

1.3/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/xa p/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xap /1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:stRef="http://ns.adobe.com/x ap/1.0/sType/ResourceRef#" xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:pdf="http://ns.adobe.com/pdf/

1.3/">

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

</dc:rights></rdf:Description><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:

tiff="http://ns.adobe.com/tiff/1.0/"/><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" x mlns:exif="http://ns.adobe.com/exif/1.0/"/></rdf:RDF></x:xmpmeta>

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/x ap/1.0/mm/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xapMM="http://ns.adobe.com/xa p/1.0/mm/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1 .0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:xapMM="http://ns.adobe.com/

xap/1.0/mm/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/

1.0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:xap="http://ns.adobe.com/xap/1.

0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0/

">

(4)

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:pdf="http://ns.adobe.com/pdf/1.

3/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1 .0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/1.

0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:xap="http://ns.adobe.com/xa p/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:tiff="http://ns.adobe.com/tiff/

1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:tiff="http://ns.adobe.com/tiff/1.0 /">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1 .0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:exif="http://ns.adobe.com/exif/1.

0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:9ec20a53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:df90b7af-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.com /photoshop/1.0/">

<rdf:Description rdf:about="uuid:c8e53c53-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co

(5)

m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:880b6202-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:b1be9614-923d-11dc-bf0f-889ae1191ecf" xmlns:photoshop="http://ns.adobe.co m/photoshop/1.0/">

<rdf:Description rdf:about="uuid:cf09c8e3-7814-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:70e47554-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:70e4755a-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:b58a55db-7817-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif /1.0/">

<rdf:Description rdf:about="uuid:6f03c386-7819-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exif/

1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:exif="http://ns.adobe.com/exi f/1.0/">

<rdf:Description rdf:about="uuid:0bbddd7d-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

<rdf:Description rdf:about="uuid:0bbddd83-7818-11dc-b3b7-80a45141ec24" xmlns:photoshop="http://ns.adobe.c om/photoshop/1.0/">

qhttp://ns.adobe.com/xap/1.0/

http://ns.adobe.com/xap/1.0/

=http://ns.adobe.com/xap/1.0/

<rdf:Description rdf:about="uuid:1acf7d56-923e-11dc-bf0f-889ae1191ecf" xmlns:dc="http://purl.org/dc/elements/

1.1/">

Foremost

Matches 0.exe, 202 KB

Suspicious True

Heuristics

IPs hasIPs: False

Allowed

(6)

Suspicious

hasAllowed: False hasSuspicious: False

URLs Allowed

hasURLs: False Suspicious

hasAllowed: False hasSuspicious: False

Files Allowed: kernel32.dll, ntdll.dll, psapi.dll, mscoree.dll, dnsapi.dll, advapi32.

dll

hasFiles: True Suspicious

hasAllowed: True hasSuspicious: False

Binary

Sizes RVA

RVA: 16

Suspicious: False Code

Size: 90112

Suspicious: False Image

Address: 4194304 Suspicious: False Stack

Stack: 4096 Suspicious: False Headers

Headers: 512 Suspicious: False Suspicious: False

Symbols Number

Number: 0

Suspicious: True Pointer

Pointer: 0

Suspicious: True Directories Number: 16 Suspicious: False

Checksum Value: 0

Suspicous: True

Sections Allowed: .text, .reloc, .rsrc Suspicious

(7)

hasAllowed: True hasSections: True hasSuspicious: False

Versions OS

Version: 4

Suspicious: False Image

Version: True Suspicious: 4 Linker

Version: 6.0 Suspicious: False Subsystem

Version: 4.0 Suspicious: False Suspicious: False

EntryPoint Address: 124818

Suspicious: False

Anomalies Anomalies: The header checksum and the calculated checksum do not ma tch.

hasAnomalies: True

Libraries Allowed: kernel32.dll, ntdll.dll, psapi.dll, mscoree.dll, dnsapi.dll, advapi32.

dll

hasLibs: True Suspicious

hasAllowed: True hasSuspicious: False

Timestamp Past: False

Valid: True

Value: 2015-02-21 22:49:37 Future: False

Compilation Packed: False

Missing: False Packers

Compiled: True

Compilers: Microsoft Visual C# / Basic .NET, Microsoft Visual Studio .NET, . NET executable, Microsoft Visual C# v7.0 / Basic .NET

Obfuscation XOR: True

Fuzzing: False

PEDetector

(8)

Matches None

Suspicious False

Disassembly

hasTricks True

Tricks

pushret .rsrc: 55

.text: 3

pushpopmath .rsrc: 20

.text: 76

garbagebytes .rsrc: 21

.text: 2

hookdetection .rsrc: 2

programcontrolflowchange .rsrc: 21 .text: 2

cpuinstructionsresultscomparison .rsrc: 1 .text: 19

AVclass

nanocore 1

VirusTotal

md5 863148dc54f7fcc45d5a7f2cff742548

sha1 4737b7629d0945329e988e7c8a8ebe7ff4601f0e

SCANS (DETECTION RATE = 85.71%)

AVG result: MSIL:NanoCore-B [Trj]

update: 20190906 version: 18.4.3895.0 detected: True

(9)

CMC update: 20190321 version: 1.1.0.977 detected: False

MAX result: malware (ai score=83)

APEX result: Malicious

update: 20190906 version: 5.60 detected: True

Bkav result: W32.DropperFraudropK.Trojan

K7GW result: Trojan ( 700000121 )

update: 20190906 version: 11.65.31928 detected: True

ALYac result: Backdoor.MSIL.Agent.GD

Avast result: MSIL:NanoCore-B [Trj]

Avira result: TR/Dropper.Gen

Baidu update: 20190318

version: 1.0.0.2 detected: False

Cyren result: W32/NanoCore.C.gen!Eldorado

(10)

DrWeb result: Trojan.Nanocore.23 update: 20190906

version: 7.0.41.7240 detected: True

GData result: MSIL.Backdoor.Nancat.A

update: 20190906

version: A:25.23285B:26.15960 detected: True

Panda result: Bck/Agent.KNM

VBA32 result: TScope.Trojan.MSIL

VIPRE result: Trojan.MSIL.NanoCore.B (fs)

update: 20190906 version: 77668 detected: True

Zoner result: Trojan.Win32.48280

ClamAV result: Win.Trojan.Nanocore-5

Comodo result: Backdoor.MSIL.Noancooe.JDE@5s4u9t

F-Prot result: W32/NanoCore.C.gen!Eldorado

Ikarus result: Backdoor.Rat.Nanocore

update: 20190905

(11)

McAfee result: GenericRXAA-CZ!863148DC54F7

Rising result: Backdoor.NanoCore!1.B6F9 (CLASSIC) update: 20190906

Sophos result: Troj/NanoCor-BT

Yandex result: Trojan.Agent!TffiQCTXKR8

Zillya result: Trojan.Agent.Win32.1036680

Acronis result: suspicious

Alibaba result: Backdoor:MSIL/Agent.63289fa1

Arcabit result: Backdoor.MSIL.Agent.GD

Cylance result: Unsafe

(12)

Endgame result: malicious (high confidence) update: 20190819

version: 3.0.14 detected: True

FireEye result: Generic.mg.863148dc54f7fcc4

TACHYON update: 20190906

version: 2019-09-06.01 detected: False

Tencent update: 20190906

ViRobot result: Backdoor.Win32.NanoCore.Gen.A

Webroot update: 20190906

eGambit result: Trojan.Generic

update: 20190906 version: v5.0.5 detected: True

Ad-Aware result: Backdoor.MSIL.Agent.GD

AegisLab result: Trojan.Win32.Generic.mhUN

Emsisoft result: Backdoor.MSIL.Agent.GD (B) update: 20190906

(13)

F-Secure result: Trojan.TR/Dropper.Gen update: 20190905

Fortinet result: W32/Generic.AC.A0C!tr

Invincea result: heuristic

Jiangmin result: Backdoor.Generic.zwu

Kingsoft update: 20190906

Paloalto result: generic.ml

Symantec result: Trojan.Nancrat

Trapmine result: malicious.high.ml.score update: 20190826

AhnLab-V3 result: Win-Trojan/Nanocore.Exp update: 20190906

Antiy-AVL update: 20190906

(14)

Kaspersky result: Trojan.MSIL.Agent.fpar update: 20190906

Microsoft result: Backdoor:MSIL/Noancooe.A

Qihoo-360 result: HEUR/QVM03.0.B2C7.Malware.Gen update: 20190906

ZoneAlarm result: Trojan.MSIL.Agent.fpar update: 20190906

version: 1.0 detected: True

Cybereason result: malicious.c54f7f

ESET-NOD32 result: MSIL/NanoCore.E

TrendMicro result: Backdoor.MSIL.NANOCORE.SMIL update: 20190906

BitDefender result: Backdoor.MSIL.Agent.GD update: 20190906

CrowdStrike result: win/malicious_confidence_100% (W) update: 20190702

K7AntiVirus result: Trojan ( 700000121 )

(15)

SentinelOne result: DFI - Malicious PE update: 20190807 version: 1.0.31.22 detected: True

Avast-Mobile update: 20190905

version: 190905-02 detected: False

Malwarebytes result: Backdoor.NanoCore update: 20190906

TotalDefense update: 20190905

CAT-QuickHeal result: Trojan.MsilFC.S6053545 update: 20190905

NANO-Antivirus result: Trojan.Win32.Dwn.edxxmu update: 20190906

MicroWorld-eScan result: Backdoor.MSIL.Agent.GD update: 20190906

SUPERAntiSpyware update: 20190830

McAfee-GW-Edition result: BehavesLike.Win32.Generic.vh update: 20190906

version: v2017.3010 detected: True

TrendMicro-HouseCall result: Backdoor.MSIL.NANOCORE.SMIL

(16)

total 70

sha256 3ffdab4f4c327700e4f3ef1533556d2e56e8c09e5f24726a3ad25d1b3052642 0

scan_id 3ffdab4f4c327700e4f3ef1533556d2e56e8c09e5f24726a3ad25d1b3052642 0-1567748833

resource 863148dc54f7fcc45d5a7f2cff742548

permalink https://www.virustotal.com/file/3ffdab4f4c327700e4f3ef1533556d2e56e8c0 9e5f24726a3ad25d1b30526420/analysis/1567748833/

positives 60

scan_date 2019-09-06 05:47:13

verbose_msg Scan finished, information embedded

response_code 1

File

Trace

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

C:\malware.exe.Local

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.4940_none_d08cc06a442b34fc

3/5/2018 - 18:45:43.5 75

Unk no wn

C:\mal ware.e xe

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507 27.4940_none_d08cc06a442b34fc\msvcr80.dll

(17)

3/5/2018 - 18:45:43.5 75

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:43.5 90

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:43.5 90

Op en

C:\mal ware.e xe

C:\

3/5/2018 - 18:45:43.5 90

Unk no wn

C:\mal ware.e xe

C:\

3/5/2018 - 18:45:43.5 90

Op en

C:\mal ware.e xe

C:\Windows

3/5/2018 - 18:45:43.5 90

Unk no wn

C:\mal ware.e xe

C:\Windows

3/5/2018 - 18:45:43.5 90

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:43.5 90

Unk no wn

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 06

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.conf ig

3/5/2018 - 18:45:43.6 06

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:43.6 06

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:43.6 22

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:43.6 22

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:43.6 22

Rea d

C:\mal ware.e xe

machine.confi g

(18)

3/5/2018 - 18:45:43.6 22

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\malware.exe.config

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.confi g

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.confi g.cch

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec .config

3/5/2018 - 18:45:43.6 22

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec .config.cch

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Windows\Globalization\Sorting\SortDefault.nls

3/5/2018 - 18:45:43.6 37

Unk no wn

C:\mal ware.e xe

C:\Windows\Globalization\Sorting\SortDefault.nls SortDefault.nl s

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Users\Behemot

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Users\Behemot

3/5/2018 - 18:45:43.6 37

Unk no wn

C:\mal ware.e xe

C:\Users\Behemot

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

3/5/2018 -

18:45:43.6 Op C:\mal

ware.e C:\Users\Behemot\AppData\Roaming

(19)

37 en xe

3/5/2018 - 18:45:43.6 37

Unk no wn

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.

50727.312\security.config

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.

50727.312\security.config.cch

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf6044 32e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll

3/5/2018 - 18:45:43.6 37

Unk no wn

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf6044

32e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll mscorlib.ni.dll

3/5/2018 - 18:45:43.6 37

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - C:\mal

(20)

18:45:43.6 37

Rea d

ware.e xe

mscorlib.ni.dll

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 37

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

(21)

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

(22)

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 53

Op en

C:\mal ware.e xe

C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Unk no wn

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.6 68

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.7 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.7 93

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.8 Rea

d

C:\mal

ware.e C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf6044

(23)

40 xe

3/5/2018 - 18:45:43.8 87

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.9 34

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:43.9 81

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.1 22

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.1 68

Unk no wn

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\

3/5/2018 - 18:45:44.1 68

Unk no wn

C:\mal ware.e xe

C:\

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Monitor

3/5/2018 - 18:45:44.1 68

Unk no wn

C:\mal ware.e xe

C:\Monitor

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Monitor\Malware

3/5/2018 - 18:45:44.1 68

Unk no wn

C:\mal ware.e xe

C:\Monitor\Malware

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - Unk C:\mal

(24)

18:45:44.1 68

no wn

ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Windows\SysWOW64\rpcss.dll

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Windows\SysWOW64\rpcss.dll

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

3/5/2018 - 18:45:44.1 68

Op en

C:\mal ware.e xe

C:\Windows\SysWOW64\uxtheme.dll

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

(25)

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\Windows\SysWOW64\l_intl.nls

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files

3/5/2018 - 18:45:44.2 15

Unk no wn

C:\mal ware.e xe

C:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\malware.exe.config

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.2 15

Unk no wn

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\Monitor\Malware

3/5/2018 - 18:45:44.2 15

Unk no wn

C:\mal ware.e xe

C:\Monitor\Malware

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

(26)

3/5/2018 - 18:45:44.2 15

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 15

Op en

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.2 31

Unk no wn

C:\mal ware.e xe

C:\malware.exe

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

C:\Windows\assembly\pubpol4.dat

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

C:\Windows\assembly\GAC\PublisherPolicy.tme

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Unk no wn

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

machine.confi g

3/5/2018 - 18:45:44.2 31

Unk no wn

C:\mal ware.e xe

machine.confi g

(27)

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe0 1458a63ecb518c7444c1f1\System.ni.dll

3/5/2018 - 18:45:44.2 31

Unk no wn

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe0

1458a63ecb518c7444c1f1\System.ni.dll System.ni.dll

3/5/2018 - 18:45:44.2 31

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe0 1458a63ecb518c7444c1f1\System.ni.dll

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 Rea

C:\mal

ware.e C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe0 System.ni.dll

(28)

31 d xe 1458a63ecb518c7444c1f1\System.ni.dll

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f 4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll

(29)

3/5/2018 - 18:45:44.2 47

Unk no wn

C:\mal ware.e xe

System.Drawi ng.ni.dll

3/5/2018 - 18:45:44.2 47

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Op en

C:\mal ware.e xe

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Fo rms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll

3/5/2018 - 18:45:44.2 47

Unk no wn

C:\mal ware.e xe

System.Wind ows.Forms.ni.

dll

(30)

3/5/2018 - 18:45:44.2 47

Op en

C:\mal ware.e xe

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.3 09

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.3 56

Rea d

C:\mal ware.e xe

dll

(31)

3/5/2018 - 18:45:44.4 03

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.4 50

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.4 97

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.5 43

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.5 90

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.6 37

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.6 84

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.7 31

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.7 78

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.8 25

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.8 72

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.9 18

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:44.9 65

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.1 Rea

d

C:\mal

ware.e C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Fo rms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll

(32)

2 xe dll

3/5/2018 - 18:45:45.5 9

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.1 06

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.1 53

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.2 00

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.2 47

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.2 93

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.3 40

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:45.3 87

Op en

C:\mal ware.e xe

C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5 c561934e089

3/5/2018 - 18:45:45.6 22

Unk no wn

C:\mal ware.e xe

C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5 c561934e089

3/5/2018 - 18:45:45.6 22

Rea d

C:\mal ware.e xe

dll

3/5/2018 - 18:45:46.1 84

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:46.2 31

Rea d

C:\mal ware.e xe

3/5/2018 - 18:45:46.2 78

Op en

C:\mal ware.e xe

C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089

3/5/2018 - Unk C:\mal